Monday's software updates fix an array of security issues in macOS, iOS, and iPadOS, including one affecting Safari's WebKit that was being actively exploited.
The first, a Kernel issue, impacts all three updates, and is described as one where "an app may be able to execute arbitrary code with kernel privileges." The fix addressed a "use after free issue" by adding "improved memory management."
Identified as CVE-2023-23514, the issue was reported by Xinru Chi of Pangu Lab and Ned Williamson of Google Project Zero.
The second, a WebKit problem, is listed as impacting all of the operating systems, as well as Safari itself. Under the issue, "processing maliciously crafted web content may lead to arbitrary code execution."
Apple adds that it is "aware of a report that this issue may have been actively exploited." It has since been fixed with "improved checks."
It is identified as CVE-2023-23529, and was found by "an anonymous researcher."
The last issue is for Shortcuts, and specifically affects macOS Ventura. Under the issue, an app "may be able to observe unprotected user data," which was fixed with "improved handling of temporary files."
CVE-2023-23522 was found by Wenchao Li and Xiaolong Bai of Alibaba Group.